My compromise is to just to minimize big tech tracking.

I mean, 90% of data is because people use corporate social media with real names and real IPs. I don’t use “social media” like everyone else, and that is just cutting away 90% of mass surveillance. I only occasionally look at reddit over VPN (without loggining in and never posting anything), I use Lemmy over Tor. Use Fennec (aka: firefox, but from F-Droid) + uBlock Origin + VPN, for everything else (like watching youtube videos)

I usually only have Fennec and Tor (amongst a few other things) through VPN, everything else is going to clearnet. My though is, if I put the entire traffic over VPN, Google would see my VPN IP attached to my device serial number.

If there is some university thing, I’d just begrudgingly use it. Use browser if possible, but if app is required, probably put it in a “work profile” (the Shelter app from F-Droid can do that) to separate it from everything else, and prevent any such app from seeing my files. Also give as few permissions as possible. And never installing any “profiles” or “certificates” they give you for access to their wifi. They should have a “guest wifi” without such requirements so just use that instead. (Or get a second phone with the “Share Wifi Connection” ability and use that as your “router” and connect your main phone to it.) Or just use mobile data if you can afford it.

For banking, put the app in the “work profile” or use browser if whatever you need to do doen’t require the app.

For uber/lyft/taxi, probably use the browser, or if that doesn’t work, again, put the app in work profile, don’t give permissions until I’m ready to use it, and its getting deleted the moment my ride is done.

For maps, unfortunately I still have to use Google Maps, because I value being alive and not getting lost in some sketchy neighborhood over the privacy… 😓

I feel like Graphene OS is too much of a hassle for me, I’ll have to get a Pixel, which does not have a microSD slot, and that’s a dealbreaker for me.

As you and others have said, privacy is just much harder on mobile than on desktop. Mobile hardware and software is generally closed-source and locked down. On a tiny screen web apps are also at a genuine UX disadvantage to native apps, which offer much weaker privacy protection.

The pragmatic not-quite solution is to do roughly what you’re doing already. NB: maps are actually pretty easy - many people find that OsmAnd and Organic Maps are superior to the corporate options.

But the optimal solution is to move some of your computing back to desktop, i.e. probably to a laptop. This way you get more control over the hardware and software. And it’s already some kind of privacy win just because the thing is not in your pocket all day. It’s really not that hard and you might even find you appreciate the change! I did.

IMO the big sticking points are the messengers and transport tools - these are where you get genuine convenience from corporate spyware in your pocket. For all the rest, I’m not convinced, personally. For mapping and fitness etc, there are F-Droid apps which work great offline. For everything else including banking, just do it in your web browser while seated comfortably at home. As far as I know, no bank except Revolut insists that you use its app. If you want to do NFC payments, that may require a locked-down OS but not an app and it can be done in airplane mode (I do it regularly).

There are ways to get better privacy on mobile but nothing approaches the benefits of just using your mobile less and your laptop more.

The alternative is a discord server, which in privacy terms is questionable choice too.

I use a Discord-Matrix bridge to communicate with some groups that are only on Discord. Of course it still all goes over Discord’s servers so the messaging itself isn’t private, but you at least don’t have to use Discord’s proprietary client, and the only data Discord will have is the data you send it from the Matrix bridge (plus identifying data on the Matrix server you’re using).

What do you usually use and offer when people ask you for contact?

Signal as a preference—not because I think it’s the best chat app (I dislike its centralised nature; not being able to self-host is a near-on dealbreaker if not for the fact that everyone I know is on Signal; and it requiring a phone number to sign up is also bad for privacy)—but because it’s the one the most people have. All my friends are on it luckily, by nature of my friends largely being communists or young queer people (or both). I also offer SMS and email. If someone asks a pretty open-ended “how can I contact you”, I might also mention Matrix and Simplex as options in case they have those.

Do you use ba[n]king apps?

No, and I really don’t understand why people do unless your bank requires it and there isn’t another appropriate bank that doesn’t require it. I’ve tried my bank’s app (which works fine on GOS luckily) and found it didn’t offer anything the web UI didn’t offer, other than the option to use the app as 2FA for banking stuff, but I just get SMS 2FA from my bank.

What’s your way of transport after having few beers in pub? Do you use taxi via calling it directly or use that weird Telegram taxi addon?

I don’t use taxis; I use public transport. But if I had to get a taxi, I would probably either use my GPlay profile on my GOS phone to install Uber, or I would probably just ring a taxi company over the phone.

Is there a way to convert google map pins to open source solutions and vice versa?

I’m not aware of a way. I’ve just told people to either give me an address or coordinates, because I don’t have google maps.

What’s your recommended software for directions? What do you use for driving?

Organic Maps has been my go-to for a while. It’s wonderful. Works well for driving too. I use RHVoice for text-to-speech, which iirc was recommended to me by a fellow lemming.

I don’t track fitness activities, and I use GOS+Pixel.

I think it’s a lot to do with developing a threat model that works for you, and understanding that, unless you’re trying to be Jason Bourne, there’s always going to be SOME compromise - the level of compromise again, depends on you.

A couple years ago when I started down this rabbit hole, I was doing EVERYTHING that I read on every privacy blog: I started using GrapheneOS, completely degoogled my phone, didn’t use any non-FOSS apps, no location apps, the whole 9 yards.

I soon came to realize I had to find a compromise. I now follow a threat model that best works for me… Naturally there are weaknesses in it, but it’s things I’m willing to risk.

1. I use Element with anyone willing to use it with me. I use QKSMS with anyone else.
2. I created a separate profile on my phone with Graphene that only has my banking apps. It still uses Aurora store and sandboxed Google services.
3. I don’t live in an area where things like Uber are available so that ones not a problem for me. I just call for a taxi oldschool.
4. OSMand+. I won’t turn it on (or location) until I’m away from my house and already on the way. You can also manually download apps for offline and use it like an old school paper map.
5. Kind of unrelated but, I use Obsidian for almost everything I keep track of in my life. I document my fitness exploits on Obsidian.
6. I use a Pixel 8 with GrapheneOS. I use my phone calls as per normal but usually try and text (see #1 above) my phone also has a record button when you call someone - I’ll generally record every conversation I have with anyone from any company, etc., which has already saved me some headaches in a few cases where service providers promised something and then didn’t follow through and I could go back in the recording and prove they said a certain thing.

A few extras:

1. I also have an audio recorder on my phone with a shortcut that turns it on when I double tap my screen. I use this whenever I go somewhere strange/alone like a Kijiji meet up or something, get pulled over by the cops, etc. - just for safety/contingency.
2. I use Kmeet for video chat with family, friends.
3. I use Pipepipe, Newpipe, etc. for videos and most music.
4. Proton for VPN
5. Proton/Tuta for email.
6. Ente for photos.

That’s just my little process… I know some of these aren’t directly related to common phone usage but it’s how I use my phone daily, so hopefully some of it is interesting to you.

1. Element or SMS.
2. …
3. …
4. Yeah, manually. Osmand, Organic Maps (both have public transport now)
5. No
6. OnePlus line sucks in hardware (digitizer & fingerprint are shit, no jack or SD). Get something else.

edit: fuck auto-ordering lists.

Some food for thought:

Absence of information is its own sort of information. You may find it worthwhile in your search for an acceptable compromise to place some kind of value on “looking normal”.

1. email, everybody has that, if they can’t use it, well up to them to offer an alternative but anyway with DeltaChat I can get notified instantly.
2. Web. Sure the app does provide some convenience but most banks do have a working website that do not need an app as usually SMS 2FA works.
3. Real taxis do have phone numbers… but they also have apps and most do not required Google Services AFAIK
4. OpenStreetMap and CityMapper and (I know I’m going to sound nuts) but actually road signs or asking people
5. No but same, plenty of apps on F-Droid that don’t require Google Services, otherwise… a .txt file? .ods spreadsheet with visual? Same on NextCloud so you can share with others even though nobody cares? (sorry)
6. PinePhone, PinePhone Pro, Purism Librem, and (ahem…) Apple iPhone if you want a compromise between privacy and still convenience?

Regarding mobile phone choice you could always go all the way and get dumb phone. :D

In my personal life and in communicating with family, there are few compromises. Most of my compromises come from work.

Phone: Pixel with GrapheneOS and FOSS apps only as my primary. Old Pixel 4a with GrapheneOS as my secondary, with the main profile as testing grounds for various apps and a second profile holding work apps. Whatsapp seems to be the lowest common denominator for practical communication with colleagues.

My workplace is BYOD, with MDM only for software licensing. Alongside my customary X230, I carry my lightweight, secondhand X1 Nano, where I have Windows, software licensed alongside said MDM, and Firefox logged into my work Google account.

Key aspect for me is having work and personal life on separate devices. Not completely airtight, but as good as I can get it without making work any harder than it needs to be.

Banking: Fortunately everything my bank has to offer can be done through a browser. My plan if a mobile app with play integrity ever becomes necessary is to buy a regular Android with a removable battery just to host that app.

Transport: If I’m on a business trip without access to my car (no spyware, it’s from the 90s) and there is no public transport, I’ll get a friend or colleague to call an Uber for me. I haven’t gone out drinking at night since college and I’m not inclined to do so in the future.

Maps: Usually Organic Maps suffices, I generally commit routes to memory before going out. For the occasional satellite map, Google Maps in a browser. I have gotten my family to use Magic Earth though.

Fitness: no actual stats, just a handwritten entry in my daily journal as to whether I followed through with my exercise routine.